Privacy policy

GETSAFE website

The protection of your personal data is important to us. With this privacy policy, we inform you about the processing of your personal data in connection with the use of the Getsafe website and about your existing data subject rights.

For more information on data processing in connection with the conclusion of an insurance contract on our website and in the Getsafe app, please refer to this privacy policy.

1. Who we are and how you can reach us

We, the

Getsafe Digital GmbH
Waldhofer Str. 102
69123 Heidelberg
GermanyTel.: +49 (0) 6221 3579990

E-mail: [email protected]

are responsible for processing your personal data when you visit our website or contact us through the website. Getsafe Digital GmbH (hereinafter: "we", "us", "our") is part of the GETSAFE Group (hereinafter: "GETSAFE"). You can find more information about all GETSAFE companies at: https://www.hellogetsafe.com/en-de/impressum .

If you have any questions or suggestions regarding the processing of your personal data or your data subject rights with us, you can contact our data protection officer at any time by e-mail at: [email protected] or send us a message by mail to the above postal address with the note "data protection officer".

2. Personal data - information about you

Personal data is information that identifies you, such as your name. In addition, information that only identifies you together with other information is also personal data (e.g. your IP address). We divide personal data that we process from you into the following categories:

  • Access data: Access data is information that is required to enable the use of our websites and online services. This includes in particular: Browser type and version, operating system used, Internet service provider, IP address of the requesting device, date and time of the server request, websites from which our website is accessed (referrer URL), websites that are accessed by your system via our website
  • Contact details: Contact information is information about you that is necessary to identify and, if necessary, contact you. In particular, this includes the following information: First and last name, address, e-mail address, telephone number, date of birth
  • Log data: Log data is information that is used to record certain actions on our websites. The log data is collected to ensure the security and integrity of the website and to document and assign certain actions for legal security reasons. This includes in particular: Date and time of an operation, IP address of the device used to perform a particular action.

3. What we use your personal data for

When you visit our website, we rely on the processing of your personal data to make our website available to you and to interact with you.

a. When visiting our website

For the purpose of the technical provision of the website, it is necessary that we process certain information automatically transmitted by your browser so that our website is displayed in your browser, you can use the website and we can ensure IT security. This access data is automatically collected each time you visit our website and automatically stored in so-called server log files.

The access data is stored for the duration of the session partly in a cookie on your device and temporarily in a so-called log file in our systems, whereby the IP address is alienated on our server so that an assignment to an individual website visitor is no longer possible. A processing of this access data for other purposes does not take place.

The legal basis for the processing of personal data for the technical provision of the website is Art. 6 para. 1 p.1 lit. f DS-GVO, whereby our legitimate interest results from the aforementioned purposes.

If access data (anonymized) is stored on our server, the personal data is usually deleted after four 4 weeks, but at the latest after six 6 weeks.

b. When you contact us

For general contact requests we offer you the possibility to contact us via

  • an e-mail address provided on the website or
  • a telephone number indicated on the website

When contacting us by e-mail, it is necessary to provide a valid e-mail address as well as your first and last name so that we know from whom the inquiry originates and can answer it. In order to assign your inquiry to one of our contact persons, it may be necessary to provide your address. We also collect contact data from you if you contact us by telephone. If we collect your e-mail address when you contact us by e-mail or telephone, we also use it to send you our data protection notice.

The data processing for contacting us by e-mail is based on a legitimate interest pursuant to Art. 6 para. 1 p. 1 lit. f DS-GVO; our legitimate interest lies in answering and processing your request, for which the storage and use of contact data is necessary. If we have a contractual relationship with you or if the contact serves to initiate a contractual relationship, the processing is based on Art. 6 para. 1 p. 1 lit. b DS-GVO. If you provide us with information about your health (health data) together with your request, the legal basis for the processing of this data for the sole purpose of processing your request is consent pursuant to Art. 6 para. 1 S.1 lit. a, 7 and 9 para. 2 lit. a DS-GVO, which must be granted separately by you. If you do not consent, we will delete your sensitive data without being able to process the associated request.

You have the right to withdraw your consent at any time.

Personal data that we collect from you in connection with a contact will be deleted as soon as your request has been processed. Insofar as a business initiation or a contractual relationship results from your contact or it is related to this, this information is usually stored until the contractual relationship has been processed, insofar as this does not conflict with any storage periods.

c. So that we can inform you about products and services

At various points on our website, we invite you to subscribe to information by e-mail about GETSAFE products, services and promotions. The registration is done in a so-called double opt-in process. This means that after registration you will receive an e-mail asking you to confirm your registration. This is necessary so that no one can register with another person's email address.

If we contact you by e-mail in the context of promotional measures, the legal basis for the data processing is your consent pursuant to Art. 6 para. 1 sentence 1 lit. a, 7 DS-GVO, which we obtain separately from you.

If we contact you with promotional information by mail, the legal basis is our legitimate interest pursuant to Art. 6 para. 1 p.1 lit. f DS-GVO, whereby our legitimate interest results from the recognized goal of promoting the sale of products and services through advertising by mail.

You have the right to revoke your consent at any time with effect for the future (e.g. via an unsubscribe link contained in every advertising e-mail).

If the data is processed for the purpose of advertising by mail, you can object to further processing at any time with effect for the future. If you object, your data will no longer be processed for these advertising purposes.

Logging

Registrations for a promotional approach by e-mail are logged in order to be able to prove the registration process in accordance with legal requirements. This includes the storage of the registration and confirmation time as well as the IP address. Changes to your data stored with the dispatch service provider are also logged.

The legal basis for processing the access data for the purpose of logging is a legitimate interest pursuant to Art. 6 (1) sentence 1 lit. f DS-GVO, which arises from the need to properly document the declarations made and measures taken and to be able to prove them if necessary.

Success measurement

In order to improve our advertising approach via e-mail and to be able to measure the success of the advertising communication, we collect personal data from you (access data, possibly also your e-mail address) when you open or read the links contained in the e-mail. This analysis includes information about whether the e-mail message was opened, when it was opened and which links are clicked. In addition, certain parameters regarding reading behavior, the retrieval location (determinable via the IP address) and the access time are collected and transmitted to us. This information allows us to better understand the reading habits of our users and to tailor our content to them or send other content according to the interests of our users.

The legal basis for the processing of data for the purpose of performance measurement is your consent pursuant to Art. 6 para. 1 sentence 1 lit. a, 7 DS-GVO in conjunction with Section 7 para. 2 No. 3 UWG, which we obtain from you with your consent for direct advertising.

You have the right to revoke your consent at any time with effect for the future.

Duration of storage

Personal data that we collect from you for advertising purposes will be deleted as soon as you revoke your consent to be contacted for advertising purposes by e-mail (e.g. via the unsubscribe link in a newsletter) or otherwise object to the advertising communication, provided that this does not conflict with any other statutory retention obligations.

d. When you visit our company pages on social media

In order to provide customers, partners or other interested parties with up-to-date information and to get in touch with you, we operate company pages (sometimes also called "fan pages") on the following social networks in addition to our own website: LinkedIn, Instagram, Facebook and Twitter.

When you visit our company pages on the social networks, the providers of the social networks process personal data from you for the purposes determined by them. The providers also determine how the data is collected and processed. The respective providers are responsible for this type of processing under data protection law.

We would like to point out that the data processing by the providers partly takes place outside the European Economic Area. We recommend that you make the following settings, among others, when using social networks in order to better protect your privacy: Opening the user account only with data whose disclosure is mandatory; disabling the widget function; disabling cookies; preventing cross-page tracking (through browser settings or the installation of appropriate add-ons); regularly deleting the browser history after visiting the pages.

Insofar as the providers of the social networks provide us with aggregated user data or similar information on visitors, their behavior when visiting, and target group information relating to our company site, we are jointly responsible for this data processing with the providers of the networks, whereby this is a shared responsibility. This means that the providers and we are each responsible for different sections of the data processing. You can find information about this here:

LinkedIn
LinkedIn Unlimited Company
Wilton Place
Dublin 2, Ireland
Privacy Policy LinkedIn
Joint responsibility agreement

Instagram / Facebook
Facebook Ireland Limited
4 Grand Canal Square
Dublin 2, Ireland
Privacy Policy Facebook
Privacy Policy Instagram
Joint responsibility agreement

Twitter
Twitter International Company
One Cumberland Place, Fenian Street
Dublin 2, Ireland
Privacy Policy Twitter

We also process your personal data as part of our use of the Company Sites. This includes, in particular, responding to user comments and personal messages directed to us via the Company Site; sharing third party pages on our Company Sites; liking third party posts; tagging third party pages.

The legal basis for data processing is the legitimate interest according to Art. 6 (1) p. 1 lit. f DS-GVO, whereby the legitimate interest results from responding to the interaction expected and partly initiated by users, providing posts and content, and informing about us.

4. When we use cookies and similar technologies

You can find detailed information about the cookies and similar technologies we use on our website.

The legal basis for the storage of information on your terminal device and the retrieval of such information is a legitimate interest pursuant to Art. 6 (1) sentence 1 lit. f DS-GVO, if this is absolutely necessary so that we can provide you with the services you have requested. Consent is not required in this respect (from 01.12.2021: cf. also Section 25 (2) TTDSG (D)).

In all cases other than those in which the storage and retrieval of information from your terminal device is not absolutely necessary, e.g. for tracking, analyses or statistics, the legal basis is your consent pursuant to Art. 6 (1) sentence 1 lit. a, Art. 7 DS-GVO, which we obtain separately from you (from 01.12.2021: cf. also Section 25 (1) TTDSG (D)). Processing will not begin until you have given your consent.

You can revoke your consent at any time with effect for the future.

5. With whom we share your personal data

a. With other GETSAFE companies

To the extent necessary to fulfill the above-mentioned processing purposes, we transfer personal data to other GETSAFE companies. These are

Getsafe Insurance AG
Waldhofer Str. 102
69123 Heidelberg
also referred to as Insurer

GETSAFE GmbH
Waldhofer Str. 102
69123 Heidelberg
also referred to as Getsafe

GETSAFE Digital GmbH
Waldhofer Str. 102
69123 Heidelberg
also referred to as Getsafe Digital

GETSAFE UK Ltd
24 Old Queen St, London SW1H 9HP, UK
also referred to as Getsafe UK

Personal Data will be transferred to or (may) be accessed by our Affiliates (Receiving Company: GETSAFE Ltd.) for the following purposes, among others:

  • Technical services (e.g. hosting, maintenance, upkeep and updating of our websites, support)
  • Handling legal issues and concerns regarding data protection and compliance

The legal basis for the transfer of personal data to affiliated companies is a legitimate interest pursuant to Art. 6 (1) p. 1 lit. f DS-GVO. The legitimate interest results from the recognized need to centralize certain tasks and processes within a group of companies in order to increase quality and efficiency. With regard to the transfer of data to UK Ltd. in the United Kingdom, the European Commission has issued an adequacy decision (Commission Decision of 28.06.2021 - (EU) 2016/679).

b. With technical service providers

Customer.io
Peaberry Software Inc.
921 SW Washington Street
Suite 820, Portland,Oregon, USA
Privacy Policy
With respect to data transfers to the U.S.:
Data Processing Addendum

Google Analytics
Google Ireland Ltd.
Gordon House, Barrow Street
Dublin 4, Ireland
Privacy Policy

For the exceptional cases in which personal data is transferred to the USA, the standard data protection clauses pursuant to Art. 46 DS-GVO apply.

Yotpo
Yotpo Inc.
33 West 19th Street, 5th Floor
New York, NY 10011, USA
Privacy Policy

For the exceptional cases in which personal data is transferred to the USA, the standard data protection clauses pursuant to Art. 46 DS-GVO apply.

Segment.io
Segment.io, Inc.
Spear Street, Fl 1
San Francisco, CA 94103, USA
Privacy Policy

With respect to data transfers to the U.S.:
Data Processing Addendum

Mixpanel
Mixpanel Inc.
405 Howard St., 2nd Floor
San Francisco, CA 94105, USA
Privacy Policy
With respect to data transfers to the U.S.:
Data Processing Addendum

LinkedIn
LinkedIn Unlimited Company
Wilton Place
Dublin 2, Ireland
Privacy Policy
Transfer and processing of personal data outside the EU by LinkedIn on the basis of appropriate safeguards pursuant to Art. 46 et seq. of the GDPR, in particular through standard data protection clauses pursuant to Art. 46 (2) c of the GDPR.

Outbrain
Outbrain UK Ltd.
5 New Bridge Street,
London, EC4V 6JA, UK
Privacy Policy
Transfer and processing of personal data outside the EU by Outbrain on the basis of appropriate safeguards pursuant to Art. 46 et seq. DS-GVO, in particular by standard data protection clauses according to Art. 46 para. 2 c DS-GVO.

AdRoll
NextRoll Ltd.
1, Burlington Plaza, Burlington Road
Dublin 4, Ireland
Privacy Policy
Data Processing Addendum

BingAds
Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399, USA
Privacy Policy
Data Protection Agreement

Taboola
Taboola Inc.
1115 Broadway, 7th Floor
New York, New York 10010, USA
Privacy Policy
Transfer and processing of personal data outside the EU by Taboola on the basis of appropriate safeguards pursuant to Art. 46 et seq. of the GDPR, in particular through standard data protection clauses pursuant to Art. 46 para. 2 c) of the GDPR.

Google Ad Manager (Double Click by Google)
Google Ireland Ltd.
Gordon House, Barrow Street
Dublin 4, Ireland
Privacy Policy
For the exceptional cases in which personal data is transferred to the USA, the standard data protection clauses pursuant to Art. 46 DS-GVO apply.

YouTube
Youtube, LL.C.
901 Cherry Avenue, Second Floor
San Bruno, CA 94066, USA
Privacy Policy
For the exceptional cases in which personal data is transferred to the USA, the standard data protection clauses pursuant to Art. 46 DS-GVO apply.

Zapier
Zapier, Inc.
548 Market St. # 62411, San Francisco, CA 94104-5401
Privacy Policy
Transfer and processing of personal data outside the EU by Zapier on the basis of appropriate safeguards pursuant to Art. 46 et seq. of the GDPR, in particular through standard data protection clauses pursuant to Art. 46(2)(c) of the GDPR.

c. Objection to data processing in certain cases

You have the right to object at any time to processing of your personal data where such processing is based on a legitimate interest and either

  • there are reasons for this that arise from your particular situation; or
  • the processing is carried out for the purposes of direct marketing; or
  • processing is carried out for statistical purposes, unless the processing is necessary for the performance of a task carried out in the public interest.

If you object to the processing and the objection is admissible under the above circumstances, we will no longer process your personal data for the purposes concerned.

Please send your objection to us. You can find the contact details for this in section 1 of this privacy policy.

d. Other rights you are entitled to

  • Right to information about whether we process data about your person. If we process data about your person, you have the right to obtain information about the nature and circumstances of the data processing (Article 15 of the GDPR),
  • Right to correct incorrect data (Art. 16 DS-GVO) or right to delete your data, provided that the requirements of Art. 17 (1) DS-GVO are met,
  • Right to restriction of processing (Art. 18 DS-GVO),
  • Right to data portability under the conditions of Art. 20 DS-GVO

If you would like to submit an inquiry, you can do so directly under the following link: Submit data subject request

e. Your right to contact a supervisory authority

The protection of your data is very important to us. However, should something not be to your satisfaction, please contact us. You can find the contact details for this in section 1 of this data protection notice. You also have the right to complain to a supervisory authority. The supervisory authority responsible for Getsafe is:

Der Landesbeauftragte für Datenschutz und die Informationsfreiheit Baden-Württemberg
Lautenschlagerstrasse 20
70173 Stuttgart
Phone: +49 711 / 61 55 41 0
E-mail: [email protected]

Last changed: 15.06.2022